Online criminals are having greater success with increased technical sophistication affecting a wider range of industries, according to a new report by Cyveillance. Cybercriminal Attacks Becoming More Targeted “Cyber criminals are focusing their efforts on developing more sophisticated and targeted attacks rather than using a far reaching blanket approach, in order to reap greater financial rewards,” said Panos Anastassiadis, chief operating officer of Cyveillance . “From emails to social networks, online criminals have increasingly more information at their disposal and a growing array of attack vectors to appear credible and go undetected. Organizations must be more vigilant in proactively protecting themselves and cannot rely solely on traditional security measures to keep their infrastructure and sensitive information safe.” While banks and credit unions continue to be the top targets of phishers, governments and the technology and energy industries are now seeing growing number of attacks. During the second half of 2009, 399 brands were first-time targets of phishing attacks, nearly double the amount of first-time targets than in the first half of this year. Averaging over 36,000 confirmed, unique attacks per month in the same period of 2009, phishing attacks continue to succeed despite added security measures and consumer education. The United States hosted 35 percent of all phishing attacks for the second half of 2009, over 4 times as much as the closest country, Netherlands, hosting 8 percent of all attacks.

Originally posted here:
Cybercriminal Attacks Becoming More Targeted

Computer scientists at Rutgers University have demonstrated how hackers could attack smartphones and use them to listen in on a meeting, track a users travels, or rapidly drain the battery without the owner being aware of what happened. Researchers Warn Of SmartPhone Security Threats “Smart phones are essentially becoming regular computers,” said Vinod Ganapathy, assistant professor of computer science in Rutgers’ School of Arts and Sciences. “They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by malicious software, or ‘malware.’” Ganapathy and computer science professor Liviu Iftode worked with three students to study malware known as “rootkits.” Unlike viruses, rootkits attack a computer’s operating system. They can only be detected from outside a corrupted operating system with a tool know as a virtual machine monitor, which can examine every system operation and data structure. Rootkit attacks on smartphones or upcoming tablet computers could be more devastating because smart phone owners tend to carry their phones with them all the time. This creates opportunities for potential attackers to eavesdrop, extract personal information from phone directories, or just pinpoint a user’s whereabouts by querying the phone’s Global Positioning System (GPS) receiver. Smartphones also have new ways for malware to enter the system, such as through a Bluetooth radio channel or via text message. In one test, the researchers showed how a rootkit could turn on a phone’s microphone without the owner knowing how it happened. In such a case, a hacker would send an invisible text to the infected phone telling it to place a call and turn on the microphone, such as when the phone’s owner is in a meeting and the attacker wants to eavesdrop. “What we’re doing today is raising a warning flag,” Iftode said. “We’re showing that people with general computer proficiency can create rootkit malware for smart phones. The next step is to work on defenses.” The researchers pointed out they did not assess how vulnerable specific types of smartphones are. They did their work on a phone used mainly by software developers versus commercial phone users. Working within a legitimate software development environment, they deliberately inserted rootkit malware into the phone to study its potential effects. They did not find a vulnerability that a real malware attacker would have to exploit.

See the original post:
Researchers Warn Of SmartPhone Security Threats

Young U.S. Internet users are not receiving enough education about being safe online, according to a new poll by the National Cyber Security Alliance (NCSA) and supported by Microsoft. U.S. Schools Fall Short On Cybersecurity Education More than three quarters of teachers have spent fewer than six hours on education related to cyberethics, cybersafety, and cybersecurity in the last 12 months; more than 50% of teachers reported their school districts do not require these subjects as curriculum; and only 35% taught proper online conduct. Key highlights of the survey include: *More than 90% of technology coordinators school administrators and teachers support teaching cyberethics, cybersafety and cybersecurity in schools. However, only 35% of teachers and just over half of school administrators report that their school districts require cyberethics, cybersafety, and cybersecurity in their curriculum. *Low levels of integration of key cyberethics, cybersecurity, and cybersafety topics into everyday instructional activities. For example, only 27% of teachers taught about the safe use of social networks, only 18% taught about scams, fraud and social engineering, and only 19% taught about safe passwords in the past 12 months. Additionally, 32% of teachers indicated they had not taught cyberethics, and 44% of teachers had not taught cybersafety or cybersecurity. *Differing opinions between teachers and administrators as to who is or should be responsible (parents vs. teachers) for educating students about cyberethics, cybersafety, and cybersecurity. For example, while 72% of teachers indicated that parents bear the primary responsibility for teaching these topics, 51% of school administrators indicate that teachers are responsible. “The study illuminates that there is no cohesive effort to provide young people the education they need to safely and securely navigate the digital age and prepare them as digital citizens and employees,” said Michael Kaiser, Executive Director of the National Cyber Security Alliance . “Unfortunately, we are not meeting the needs of schools, teachers, or students. The survey also found schools rely on shielding students instead of teaching behaviors for safe and secure Internet use. More than 90 percent of schools have built up digital defenses, such as filtering and blocking social networking sites, to protect children on school networks. Those measures may help reduce the online risks children face at school, they do not prepare students to act more safely when accessing the Internet at home or on mobile devices.

View original here:
U.S. Schools Fall Short On Cybersecurity Education

A New York man has pleaded guilty in U.S. District Court in Alexandria, Virginia, to criminal copyright infringement for selling more than $250,000 worth of pirated copies of popular business, engineering and graphic design software programs. According to court documents, Robert Cimino, 59, of Syracuse, N.Y., advertised the sale of discounted popular software programs on a number of Internet advertising forums, operating under the business name “SoftwareSuite.” Customers would contact Cimino by email and would usually buy the products using PayPal. Cimino would mail them pirated copies of Adobe, Autodesk, Intuit and Quark programs he had burned to CD or DVD to the customers. Cimino admitted that from February 2006 to September 2009, he received at least $270,035 from his sales of infringing software products. Cimino is scheduled to be sentenced by U.S. District Judge Anthony J. Trenga on May 28, 2010. Cimino faces a maximum sentence of five years in prison, three years of supervised release, a $250,000 fine, restitution and forfeiture.

More: 
NY Mans Pleads Guilty To Selling Pirated Software Online

Firefox users should take a moment to reevaluate which of the extensions they use they can do without. Security consultants have determined that some extensions represent security risks insofar as their vulnerabilities can put entire systems in jeopardy. Security Problems Found With Firefox Extensions According to a Help Net Security article, Roberto Suggi Liverani and Nick Freeman, who work for Security-Assessment.com, noted at a recent conference that “Mozilla doesn’t have a security model for extensions and Firefox fully trusts the code of the extensions.” Furthermore, “There are no security boundaries between extensions and, to make things even worse, an extension can silently modify another extension.” So Firefox users probably shouldn’t go around trying interesting-sounding extensions willy-nilly. They may also want to take special care to avoid InfoRSS 1.1.4.2, Sage 1.4.3, and Yoono 6.1.1 (along with all previous versions of each extension), since those were singled out by researchers for being vulnerable. On the bright side, it looks like Mozilla’s aware of problems like this, since Firefox 3.6 is supposed to introduce a lockdown feature for add-ons. And since extensions’ vulnerabilities shouldn’t give hackers access to lots of people, perhaps they’ll be left alone until some permanent fixes are in place.

See the original post here: 
Security Problems Found With Firefox Extensions

Alan Ralsky, a 64-year-old who’s better known in certain circles as the “Godfather of Spam,” isn’t going to bother anyone again for quite some time. Yesterday, Ralsky was sentenced to 51 months in prison and five years of supervision following his release, and he’ll also have to forfeit $250,000. Godfather Of Spam Receives 51-Month Sentence Ralsky received his sentence for crimes related to wire fraud, mail fraud, and violating the CAN-SPAM Act. Assistant Attorney General Lanny A. Breuer shared a few more details - and talked about the potential results of this development - in a formal statement. “Today’s sentencing sends a powerful message to spammers whose goal is to manipulate financial transactions and the stock market through illegal e-mail advertisements,” he said. “People who use fraudulent e-mails to drive up stock prices and reap illicit profits will be prosecuted, and they will face significant prison time.” And in fact, it looks like they’ll be prosecuted on all sorts of fronts, since the FBI, IRS, and Postal Inspection Service deserve credit for bringing Ralsky to justice. Ralsky’s accomplices Scott Bradley, How Wai John Hui, and John S. Brown were also sentenced on Monday (to mostly similar jail terms and fines), and two more people who were indicted with him still have their cases pending.

Read the rest here: 
Godfather Of Spam Receives 51-Month Sentence